{"id":19634,"date":"2021-04-20T00:24:01","date_gmt":"2021-04-19T22:24:01","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=19634"},"modified":"2021-04-20T00:24:01","modified_gmt":"2021-04-19T22:24:01","slug":"windows-10-ntfs-bug-cve-2021-28312-gefixt-13-4-2021","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/04\/20\/windows-10-ntfs-bug-cve-2021-28312-gefixt-13-4-2021\/","title":{"rendered":"Windows 10 NTFS Bug (CVE-2021-28312) fixed (April 13, 2021)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/win102.jpg\" width=\"58\" align=\"left\" height=\"58\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/04\/19\/windows-10-ntfs-bug-cve-2021-28312-gefixt-13-4-2021\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Microsoft has also fixed the Windows NTFS bug, which could lead to NTFS system drive corruption, on Patchday (4\/13\/2021) with the rolled-out security updates for Windows 10. Here is some information on the subject.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/2cab11db0b63439592457961a5c3eaa9\" width=\"1\" height=\"1\">Actually, I had lost track of Ganz because I thought this had been fixed for a long time. Now the issue has come to my attention the last few hours on Facebook, through <a href=\"https:\/\/www.borncity.com\/blog\/2021\/04\/16\/patchday-nachlese-april-2021\/#comment-105640\" target=\"_blank\" rel=\"noopener\">this comment<\/a> (thanks for that) and from colleagues <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-fixes-windows-10-bug-that-can-corrupt-ntfs-drives\/\" target=\"_blank\" rel=\"noopener\">here<\/a>.&nbsp; <\/p>\n<h2>The NTFS volume bug  <\/h2>\n<p>In the implementation of the NTFS file system used by Windows 10, a previously unpatched vulnerability was disclosed in January 2021 (see my blog post <a href=\"https:\/\/borncity.com\/win\/2021\/01\/15\/windows-10-schwachstelle-ermglicht-ntfs-medieninhalte-zu-zerstren\/\">Windows 10: Vulnerability allows to destroy NTFS media content<\/a>). The disclosure was made by @jonasLyk as of January 9, 2021 on Twitter- see the following <a href=\"https:\/\/twitter.com\/jonasLyk\/status\/1347900440000811010\" target=\"_blank\" rel=\"noopener\">tweet<\/a>.&nbsp; <\/p>\n<p><a href=\"https:\/\/twitter.com\/jonasLyk\/status\/1347900440000811010\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Windows NTFS Vulnerability\" alt=\"Windows NTFS Vulnerability\" src=\"https:\/\/i.imgur.com\/zbMok0J.png\"><\/a>  <\/p>\n<p>Access to a prepared folder is enough to exploit the vulnerability. The whole thing can be triggered remotely (e.g. downloading a prepared shortcut file or ZIP archive). This vulnerability allows attackers to mark the contents of an NTFS volume used under Windows 10 as corrupted. A disk check is then triggered on reboot, which can fix the error &#8211; but in rare cases the system can no longer boot.  <\/p>\n<blockquote>\n<p>The command shown accesses the <a href=\"https:\/\/www.osforensics.com\/faqs-and-tutorials\/how-to-scan-ntfs-i30-entries-deleted-files.html\">$130 attribute of an NTFS volume<\/a>. Via this $I30 attribute, the NTFS file system maintains an index of all files\/subdirectories belonging to a directory. The bug is present as of Windows 10 version 1803. Microsoft had classified the bug as CVE-2021-28312 (Windows NTFS Denial of Service Vulnerability).&nbsp; <\/p>\n<\/blockquote>\n<h2>Fix announced, fix rolled out now<\/h2>\n<p>At the end of January 2021, there was already an unofficial fix for this bug, which I had presented in the blog post <a href=\"https:\/\/borncity.com\/win\/2021\/01\/26\/windows-10-ntfs-bug-gets-unofficial-fix-from-osr\/\">Windows 10 NTFS bug gets unofficial fix from OSR<\/a>. But as an administrator, I wouldn't necessarily want to install such unofficial fixes. Then at the end of February 2021, I had hinted in the blog post <a href=\"https:\/\/borncity.com\/win\/2021\/02\/28\/fix-fr-windows-10-bug-der-datenfehler-bei-ntfs-laufwerken-provoziert-kommt\/\">Fix for Windows 10 bug that causes NTFS volume corruption is coming<\/a>, that Microsoft was working on a fix for the bug that allows file system errors to be triggered on NTFS drives.<\/p>\n<p>Bleeping Computer colleagues had <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-fixes-windows-10-drive-corruption-bug-what-you-need-to-know\/\" target=\"_blank\" rel=\"noopener\">noticed<\/a> that Microsoft included an undocumented fix in Windows 10 Insider build 21322 that prevents access to the path that triggers the error. Now, Bleeping Computer colleagues write in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-fixes-windows-10-bug-that-can-corrupt-ntfs-drives\/\" target=\"_blank\" rel=\"noopener\">this post<\/a> that Microsoft has fixed the bug in all supported Windows 10 versions with the April 13, 2021 security updates. However, I didn't find anything in the official description of the updates (and in the post Patchday: Windows 10 updates (April 13, 2021)) during a quick search.&nbsp; <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Microsoft has also fixed the Windows NTFS bug, which could lead to NTFS system drive corruption, on Patchday (4\/13\/2021) with the rolled-out security updates for Windows 10. Here is some information on the subject.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,2],"tags":[188,2613,195,76],"class_list":["post-19634","post","type-post","status-publish","format-standard","hentry","category-issue","category-windows","tag-bug","tag-ntfs","tag-update","tag-windows-10"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=19634"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/19634\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=19634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=19634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=19634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}